Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Climate financial risk auditing

Climate change is already having a financial impact for many organisations. For example, businesses have lost premises, stock and sales due to increased flooding and are subsequently faced with higher insurance costs; utility costs have increased as suppliers meet tighter regulations; and products with lower carbon footprints have provided new growth opportunities and improved sales. Many boards will have established their strategic response, either explicitly or as part of a broader strategy. Whatever an organisation’s approach, climate change brings risks, and most will have a financial impact. 

This guidance addresses some of the main sources of financial risk in relation to climate change. These will materialise in different ways for different organisations but should be considered by all organisations. Clearly, given the broad scope of financial risk, this cannot be an exhaustive list but will focus on generic and pervasive impacts. 

Role of internal audit

In assessing potential impact, the internal auditor needs to have some understanding of the different types of financial impacts which may arise. Much of this is external to the organisation, but the internal auditor also needs to understand the organisation’s own strategic approach to climate change to put the risk in context. 

It is helpful to start planning by understanding and evaluating the organisation’s risk framework and appetite as it relates to climate change, both at a strategic and operational level. Some questions to consider are as follows (while this is focused on financial risks, the same approach can be broadened to consider the full scope of climate-related risks):

  • How is climate considered in the risk appetite of the organisation? Whether standalone or integrated within other risk appetite statements, is the climate risk appetite clear? 
  • What time horizon is considered (often this needs to be longer than a typical strategic planning horizon)?
  • Is climate related risk standalone or integrated within the broader risk framework?
  • If standalone, does it address all of the risk-types expected (see below)?
  • If integrated, are climate-related risks specifically articulated?
  • Are actual and potential financial impacts assessed and reported? Are different scenarios used and are these appropriate?
  • How are mitigating actions identified, considered and actioned?
  • What assurance is gained in the first and second lines of defence and from external sources? Is this provided to the board?
  • How are risks aggregated and assessed against risk appetite? Is this reported to the board?

It is likely that this topic will be addressed at a strategic level and then be embedded throughout relevant audits. It is important that the plan shows the totality of coverage to ensure no gaps, and that internal audit leaders pull together information from different audits to give an overall view, possibly incorporating other climate-related audit coverage. This maximises the impact of internal audit’s work to add real value at board level.

It is useful to consider the financial sector’s approach to climate risks as this will impact other sectors through investment decisions, lending terms, and insurance coverage and costs. As banks and insurers become more aware of their clients’ risks, a process being accelerated by regulatory focus including experimentation with industry-wide stress testing, these risks will increasingly be factored into decision-making. The Climate Financial Risk Forum (CFRF) summarises financial risks as deriving from two broad categories:

  • Physical risks – these may be acute risks from extreme weather events, or chronic risks resulting from changes in climate patterns.
  • Transition risks – from changing policy, technological and market shifts which arise due to the transition to a low carbon economy.

Both are seen by the CFRF to potentially impact cash flows and balance sheets. Physical risks potentially also impact operational functioning of organisations. These risks are considered in greater detail in other guidance, but include:

  • Reduced responsiveness and speed of logistics.
  • Lower quality of goods and services.
  • Suspension of operations further up the supply chain due to disruption.
  • Changes to the cost of commodities and other materials.
  • Changes down the supply change in the demand for components or end-products.

Key risks and controls

These will clearly need adapting to specific industries and businesses but provide a framework to help internal auditors consider the risks and their operational and strategic impacts. One particular challenge is the many-to-many relationship between underlying climate risks, the financial impacts of these, and the resulting financial risks to an organisation. The diagram below provides a simplified summary of this. 

The potential impacts in each category are illustrative and highlight the need for the internal auditor to understand the key financial drivers (both balance sheet and cash flow) and the key business processes for each significant business unit in the organisation. The approach taken in approaching this audit will, to a large extent, depend on the level of work the organisation has already done to understand and address its financial risks. 

Note that operational impacts are extremely broad, and are akin to any other business disruption event.  The table below focuses on financial risks and impacts, providing potential controls and mitigations to help the internal auditor plan and perform the audit. 

 Risk Potential controls/mitigations Comments

Reduction in fixed asset values due to potential or actual weather-related events.

The business has identified key risks which may result in potential damage to premises, plant and, and sets out a combination of:

  • changes in the operating model to reduce/eliminate the risk
  • contingency plans
  • appropriate insurance arrangements
Investment evaluation and approval processes incorporate a risk analysis which includes climate-related risks over the expected life of the assets
 

With existing assets, the options are clearly more limited and organisations need to weigh up the potential impacts, likelihood, and costs to mitigate. This involves both the ability to predict events which is sometimes very difficult, and the ability to predict the impacts of those events.

Insurance may be increasingly difficult to obtain for high-risk assets or may become prohibitively expensive.  Thus, while insurance is one mitigation, it may eventually compound the risk, so it is important not to over-rely on insurance.
 

Reduction in fixed asset values due to obsolescence caused by technological change in response to climate change. 

Horizon scanning and competitor analysis is used to understand the evolving market.

Investment evaluation and approval processes incorporate an analysis of risks which includes technological changes and their impact on expected asset lives

 The longer the investment term, the greater the level of uncertainty.  The internal auditor should pay attention to underlying assumptions and watch out for assumptions which are over-optimistic.  An analysis incorporating a range of scenarios would be optimal.
 

Reduction in stock values due to changes in demand for products or lost stock due to weather-related events.

An ongoing process of horizon scanning is established to identify market changes.

The business has identified key risks which may result in potential damage to stock and sets out a combination of:

  • changes in the operating model to reduce/eliminate the risk
  • contingency plans
  • appropriate insurance arrangement
 The risk and potential controls are similar to those for fixed assets, but the time horizons may be different and so the business responses may not be the same.  
 

Increase in bad debts due to economic impacts of climate-change.

 Credit policies and processes incorporate risks related to climate change As well as credit risks for individual organisations, it is important to evaluate risks relating to the markets in which the business is operating or selling into.
 

Reduced sales due to failure to respond to changing market.

Business strategy is supported by appropriate market research.

An ongoing process of horizon scanning is established to identify market changes.

Sales analysis identifies trends at an early stage

This risk corresponds closely to those relating to stock and fixed asset obsolescence.

While this risk is focused on how consumers will adapt to new products and become more aware of the climate impacts of manufacturers and suppliers, the same risk applies to business customers who are looking at supply chain impacts as part of their own climate strategy.
 

Increase in costs of commodities, raw materials and/or utilities.

 There is an evaluation of supply risks which includes:
  • analysis of the environmental impacts of commodities and raw materials
  • changes in competing demands for materials which may influence future supply
  • wider geopolitical factors.
Contingency plans for supply chains are in place, potentially including both alternative sources and replacement raw materials		 These mitigations/controls need to have a time-horizon which corresponds with the projected lifecycle of the relevant products.

Contingent liabilities

(These are potential costs that may or may not be incurred depending on the result of an uncertain future event.  Examples are potential litigation, warranty claims or bank guarantees.  If certain criteria are met, these need to be disclosed in financial statements.)

Processes to demonstrate legal and regulatory compliance, in line with a clearly articulated strategy.

Horizon scanning to understand emerging risks of litigation.

Legal review of warranties or guarantees

 Litigation can come from a variety of stakeholders and may result from the failure to mitigate or adapt to climate-related impacts. The risk will be higher in industries with a higher impact (eg fossil fuels). 

A lack of reporting of climate related risks or impacts results in loss of access to capital.

 Clear reporting in line with expectations of banks and providers of capital.   See more detail in separate guidance on climate related reporting 

The relative importance of each of these risks will depend on the nature of the organisation’s business, typical product lifecycles and the locations in which it operates and with which it does business. Given the pace of change in our scientific understanding of climate change, public attitudes and government policy, financial risk assessments need to be refreshed frequently and organisations need to be ready to adopt additional mitigating measures. It is therefore important that internal audit maintains its focus on these risks both strategically and through each element of its audit plan.

Conclusion

Financial impacts are implicit within most climate-related risks.  However, it is important for internal audit to explicitly consider the risks to financial statements and the resultant risks of reduced access to capital, liquidity implications, and difficulty obtaining cost-effective insurance. A deep understanding of the business is required, but there is a real opportunity to provide challenge and assurance at the highest level of any organisation.

Further reading

Guidance

Climate strategy

Auditing climate data and reporting

Climate impact within supply chains

Sustainable product risk management

Climate change and environmental impact

External reading

FCA - Climate Financial Risk Forum guide 2020 Risk Management chapter

Gov.uk - Environmental Reporting Guidelines: Including streamlined energy and carbon reporting guidance

Global Reporting Initiative (GRI) - Standards

Task Force on Climate related Financial Disclosures (TFCFD)

Final TCFD Recommendations Report, June 2017

Implementation Guide 2019

Content reviewed: 9 January 2024